Last active
January 18, 2024 17:25
-
-
Save kmjones1979/3c6ae6645c6814084a655d73f59f47e9 to your computer and use it in GitHub Desktop.
Example NGINX configuration using auth_request and auth_request_set directives to route users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| worker_processes auto; | |
| error_log /var/log/nginx/error.log info; | |
| pid /var/run/nginx.pid; | |
| events { worker_connections 1024; } | |
| http { | |
| default_type text/html; | |
| log_format main '$remote_addr -> $request $status $body_bytes_sent bytes -> $upstream_addr'; | |
| access_log /var/log/nginx/access.log main; | |
| map $dynamic $upstream { | |
| pilot pilot; | |
| normal normal; | |
| default default; | |
| } | |
| upstream pilot { | |
| zone pilot 64k; | |
| server 127.0.0.1:4001; | |
| } | |
| upstream normal { | |
| zone normal 64k; | |
| server 127.0.0.1:5001; | |
| } | |
| upstream default { | |
| zone default 64k; | |
| server 127.0.0.1:6001; | |
| } | |
| upstream auth { | |
| zone auth 64k; | |
| server 127.0.0.1:3001; | |
| } | |
| server { | |
| status_zone auth-backend; | |
| listen 3001; | |
| location / { | |
| #return 403; | |
| return 200 "User is authorized.\n"; | |
| #add_header X-Route "normal" always; | |
| } | |
| } | |
| server { | |
| status_zone pilot-backend; | |
| listen 4001; | |
| location / { | |
| return 200 "This request has been accessed by a Pilot User. - X-Route: $http_x_route \n"; | |
| } | |
| } | |
| server { | |
| status_zone normal-backend; | |
| listen 5001; | |
| location / { | |
| return 200 "This request has been accessed by a Normal User. - X-Route: $http_x_route \n"; | |
| } | |
| } | |
| server { | |
| status_zone default; | |
| listen 6001; | |
| location / { | |
| return 200 "This request has no X-Route header specified on the backend. - X-Route: $http_x_route \n"; | |
| } | |
| } | |
| server { | |
| status_zone nginx-frontend; | |
| listen 80; | |
| location / { | |
| auth_request /auth; | |
| auth_request_set $dynamic $upstream_http_x_route; | |
| proxy_set_header X-Route $dynamic; | |
| proxy_pass http://$upstream; | |
| } | |
| location /auth { | |
| proxy_pass http://auth; | |
| proxy_pass_request_body off; | |
| proxy_set_header Content-Length ""; | |
| proxy_set_header X-Original-URI $request_uri; | |
| } | |
| } | |
| server { | |
| listen 8080; | |
| status_zone status-page; | |
| root /usr/share/nginx/html; | |
| location = /status.html { } | |
| location = /status-old.html { } | |
| location = / { | |
| return 301 /status.html; | |
| } | |
| location /status { | |
| status; | |
| status_format json; | |
| access_log off; | |
| } | |
| location /upstream_conf { | |
| upstream_conf; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment